-rw-r--r--CHANGELOG.md2
-rw-r--r--mullvad-daemon/src/wireguard.rs108
2 files changed, 57 insertions, 53 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b9540a353b..c494003714 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,8 @@ Line wrap the file at 100 chars. Th
- Wait for traffic to be routed through the tunnel device before advertising blocked state.
### Fixed
+- Don't try to replace WireGuard key if account has too many keys already.
+
#### Windows
- Fix regression due to which a TAP adapter issue was not given as the specific block reason when
the tunnel could not be started.
diff --git a/mullvad-daemon/src/wireguard.rs b/mullvad-daemon/src/wireguard.rs
index bce77b9041..bfedb6a54d 100644
--- a/mullvad-daemon/src/wireguard.rs
+++ b/mullvad-daemon/src/wireguard.rs
@@ -316,10 +316,11 @@ impl KeyManager {
public_key: PublicKey,
rotation_interval_secs: u64,
account_token: AccountToken,
- ) -> impl Future<Item = WireguardData, Error = Error> + Send {
+ ) -> impl Future<Item = PublicKey, Error = Error> + Send {
let expiration_timer =
Self::create_key_expiration_timer(public_key.clone(), rotation_interval_secs);
+
let account_token_copy = account_token.clone();
expiration_timer
@@ -336,17 +337,28 @@ impl KeyManager {
public_key.clone(),
private_key,
)
- .map_err(|err| Error::RpcError(err))
+ .map_err(Self::map_rpc_error)
})
})
- .map(move |wireguard_data| {
- // Update account data
- let _ = daemon_tx.unbounded_send(InternalDaemonEvent::WgKeyEvent((
- account_token_copy,
- Ok(wireguard_data.clone()),
- )));
-
- wireguard_data
+ .then(move |rpc_result| {
+ match rpc_result {
+ Ok(data) => {
+ // Update account data
+ let _ = daemon_tx.send(InternalDaemonEvent::WgKeyEvent((
+ account_token_copy,
+ Ok(data.clone()),
+ )));
+ Ok(data.get_public_key())
+ }
+ Err(Error::TooManyKeys) => {
+ let _ = daemon_tx.send(InternalDaemonEvent::WgKeyEvent((
+ account_token_copy,
+ Err(Error::TooManyKeys),
+ )));
+ Err(Error::TooManyKeys)
+ }
+ Err(unknown_err) => Err(unknown_err),
+ }
})
}
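Review bot: Both `daemon_tx.send(...)` calls in the `.then` closure discard their result with `let _ =`, so a failed send in the `Ok(data)` arm is invisible. In that case the API has already accepted the replacement key, but the daemon never receives `data`, and the future still resolves to `Ok(data.get_public_key())`, so rotation carries on from a key the daemon may not hold. At minimum, check the result and log the failure, e.g. `log::error!("Failed to deliver rotated WireGuard key to daemon");`, logging only the fact and never `data` itself, which presumably carries the private key. Whether `Self::map_rpc_error` actually yields `Error::TooManyKeys` for the relevant RPC failure cannot be confirmed here, because it is defined outside the hunk, as is the start of the enclosing function.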
@@ -367,52 +379,42 @@ impl KeyManager {
account_token.clone(),
);
- let create_repeat_future = move |result: Result<WireguardData>| {
- let next_public_key;
- let next_interval: u64;
-
- match result {
- Ok(wg_data) => {
- next_interval = rotation_interval_secs;
- next_public_key = wg_data.get_public_key();
-
- Self::create_automatic_rotation(
- daemon_tx.clone(),
- http_handle.clone(),
- next_public_key,
- next_interval,
- account_token.clone(),
- )
- }
- Err(e) => {
- log::error!(
- "Key rotation failed: {}. Retrying in {} seconds",
- e,
- AUTOMATIC_ROTATION_RETRY_DELAY,
- );
+ let create_repeat_future = move |result: Result<PublicKey>| match result {
+ Ok(next_public_key) => Self::create_automatic_rotation(
+ daemon_tx.clone(),
+ http_handle.clone(),
+ next_public_key,
+ rotation_interval_secs,
+ account_token.clone(),
+ ),
+ Err(Error::TooManyKeys) => Box::new(futures::future::ok(())),
+ Err(e) => {
+ log::error!(
+ "Key rotation failed: {}. Retrying in {} seconds",
+ e,
+ AUTOMATIC_ROTATION_RETRY_DELAY,
+ );
- next_interval = rotation_interval_secs;
- next_public_key = public_key.clone();
+ let next_public_key = public_key.clone();
- let daemon_tx = daemon_tx.clone();
- let http_handle = http_handle.clone();
- let account_token = account_token.clone();
+ let daemon_tx = daemon_tx.clone();
+ let http_handle = http_handle.clone();
+ let account_token = account_token.clone();
- Box::new(
- tokio_timer::wheel()
- .build()
- .sleep(Duration::from_secs(AUTOMATIC_ROTATION_RETRY_DELAY))
- .then(move |_| {
- Self::create_automatic_rotation(
- daemon_tx,
- http_handle,
- next_public_key,
- next_interval,
- account_token,
- )
- }),
- )
- }
+ Box::new(
+ tokio_timer::wheel()
+ .build()
+ .sleep(Duration::from_secs(AUTOMATIC_ROTATION_RETRY_DELAY))
+ .then(move |_| {
+ Self::create_automatic_rotation(
+ daemon_tx,
+ http_handle,
+ next_public_key,
+ rotation_interval_secs,
+ account_token,
+ )
+ }),
+ )
}
};
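Review bot: The `Err(Error::TooManyKeys)` arm of `create_repeat_future` ends the rotation loop with `Box::new(futures::future::ok(()))` and logs nothing, unlike the generic `Err(e)` arm below it. From then on the current WireGuard key stays in use past its rotation interval, and the only trace is the `WgKeyEvent` sent from the rotation future. A line such as `log::error!("Account has too many WireGuard keys, stopping automatic key rotation");` before returning would make that state visible. The arm also deserves a comment naming what is expected to restart rotation once keys are removed from the account; nothing in this hunk does, and the enclosing function starts above it.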